Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@simplewebauthn/server

Package Overview
Dependencies
Maintainers
1
Versions
87
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@simplewebauthn/server - npm Package Versions

1
79

0.8.0

Diff

Changelog

Source

v0.8.0 - The one with better challenges

Packages:

  • @simplewebauthn/browser@0.8.0
  • @simplewebauthn/server@0.8.0
  • @simplewebauthn/typescript-types@0.8.0

Changes:

  • [server] The challenge parameter of generateAttestationOptions() and generateAssertionOptions() is now optional.
    • When undefined the library will generate a random challenge. This value will be base64url-encoded in preparation for transit to the front end.
    • When defined the value will be directly encoded to base64url in preparation for transit to the front end.
  • [browser] startAttestation() and startAssertion() now convert the base64url-encoded options.challenge to a buffer before passing it to the authenticator.

Breaking Changes

  • [server] verifyAttestationResponse() and verifyAssertionResponse() now require the base64url-encoded challenge to be passed in as expectedChallenge:

Before:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Raw original value
  expectedChallenge: challenge,
});

After:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  // This is now optional
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Now expected to be the base64url-encoded `challenge` returned
  // by `generateAttestationOptions()`
  expectedChallenge: opts.challenge,
});
iamkale
published 0.7.4 •

Changelog

Source

v0.7.4

Packages:

  • @simplewebauthn/browser@0.7.4
  • @simplewebauthn/server@0.7.4

Changes:

  • [browser] Update dependencies
  • [server] Update dependencies
iamkale
published 0.7.3 •

Changelog

Source

v0.7.3

Packages:

  • @simplewebauthn/browser@0.7.3
  • @simplewebauthn/server@0.7.3

Changes:

  • [browser] Add support for UTF-8 values in server challenges
  • [server] Minor performance improvement
iamkale
published 0.7.2 •

Changelog

Source

v0.7.2

Packages:

  • @simplewebauthn/browser@0.7.2
  • @simplewebauthn/server@0.7.2

Changes:

  • [server] Added support for specifying a custom array of COSE algorithm identifiers when calling generateAttestationOptions() and verifyAttestationResponse()
  • [browser] Updated README.md with new doc URLs
iamkale
published 0.7.1 •

Changelog

Source

v0.7.1

Packages:

  • @simplewebauthn/browser@0.7.1
  • @simplewebauthn/server@0.7.1
  • @simplewebauthn/typescript-types@0.7.1

Changes:

  • Fixed broken README and Homepage links in package listings on NPMJS.com
iamkale
published 0.7.1-alpha.1 •

iamkale
published 0.7.1-alpha.0 •

iamkale
published 0.7.0 •

Changelog

Source

v0.7.0 - The one that passes FIDO conformance testing

Packages:

  • @simplewebauthn/browser@0.7.0
  • @simplewebauthn/server@0.7.0
  • @simplewebauthn/typescript-types@0.7.0

Changes:

  • [server] Add support for TPM attestations
  • [server] Add support for Android Key attestations
  • [server] Add support for authenticator metadata statements and the FIDO Metadata Service (MDS)

Breaking Changes

  • [server] The return type of verifyAttestationResponse() changed from boolean to Promise<boolean>. This was necessary to support querying FIDO MDS for an authenticator metadata statement during attestation verification.
  • [server] The optional requireUserVerification parameter of verifyAssertionResponse() has been replaced with the new optional fidoUserVerification parameter. This enables greater control over user verification when verifying assertions.
iamkale
published 0.6.1 •

Changelog

Source

v0.6.1

Packages:

  • @simplewebauthn/server@0.6.1

Changes:

  • [typescript-types] Update verifyAttestationResponse() options param description.
iamkale
published 0.6.0 •

Changelog

Source

v0.6.0 - The one with better response verification

Packages:

  • @simplewebauthn/browser@0.6.0
  • @simplewebauthn/server@0.6.0
  • @simplewebauthn/typescript-types@0.6.0

Changes:

  • [server] (BREAKING) Server's verifyAttestationResponse() and verifyAssertionResponse() methods now take a single arguments object.
  • [server] These methods now include the ability to require user verification during attestation and assertion verification via the new requireUserVerification argument.
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc